Completely remove P-224 from the TLS stack.
It already wasn't in the default list and no one enables it. Remove it
altogether. (It's also gone from the current TLS 1.3 draft.)
Change-Id: I143d07d390d186252204df6bdb8ffd22649f80e3
Reviewed-on: https://boringssl-review.googlesource.com/6775
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6f2bb4e..2a32cd3 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -1691,14 +1691,13 @@
{
name: "UnsupportedCurve",
config: Config{
- CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
- // BoringSSL implements P-224 but doesn't enable it by
- // default.
- CurvePreferences: []CurveID{CurveP224},
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
+ CurvePreferences: []CurveID{CurveP256},
Bugs: ProtocolBugs{
IgnorePeerCurvePreferences: true,
},
},
+ flags: []string{"-p384-only"},
shouldFail: true,
expectedError: ":WRONG_CURVE:",
},
@@ -4622,7 +4621,6 @@
name string
id CurveID
}{
- {"P-224", CurveP224},
{"P-256", CurveP256},
{"P-384", CurveP384},
{"P-521", CurveP521},